Aurora, searchlight pops like crazy [CLOSED]

beeanner

Posted 27 April 2005 - 09:40 AM

New Member

Member

3 posts

Morning all! I'm having a very bad time with Aurora and Searchlight pops on my machine. I've run spyware removers and all, but that didn't fix it. Below is my hijack log for you to review. Any help would be much appreciated.

1. Unzip/extract the files inside to a folder on your desktop.
2. Open the folder and run FindIt's.bat and wait for notepad to open a text file. It will take awhile so please be patient ...
3. Then post the results here please, along with the new HijackThis log.

Findit's log:
Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 04/27/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»

greyknight17

Posted 28 April 2005 - 07:25 AM

Malware Expert

Visiting Consultant

16,560 posts

You may uninstall Ewido now. We don't need it anymore.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Delete these files:

C:\WINDOWS\system32\creditcard32123123123asdsa.ico
C:\WINDOWS\system32\greenmovie2313asaadsasfad112341231adsfa.ico
C:\WINDOWS\system32\mp3red51aads.ico
C:\WINDOWS\system32\pop up blaster123213.ico
C:\WINDOWS\system32\red_kas.ico
C:\WINDOWS\svcproc.exe

Go to Start->Run and type in services.msc and hit OK. Then look for System Startup Service (SvcProc) and double click on it. Click on the Stop button and under Startup type, choose Disabled.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):